<!DOCTYPE html>
<html lang="zh-cn">
<head>
  
    <link type="text/css" rel="stylesheet" href="/bundles/blog-common.css?v=KOZafwuaDasEedEenI5aTy8aXH0epbm6VUJ0v3vsT_Q1"/>
<link id="MainCss" type="text/css" rel="stylesheet" href="/skins/ThinkInside/bundle-ThinkInside.css?v=RRjf6pEarGnbXZ86qxNycPfQivwSKWRa4heYLB15rVE1"/>
<link type="text/css" rel="stylesheet" href="/blog/customcss/428549.css?v=%2fam3bBTkW5NBWhBE%2fD0lcyJv5UM%3d"/>

</head>
<body>
<a name="top"></a>

<div id="page_begin_html"></div><script>load_page_begin_html();</script>

<div id="topics">
	<div class = "post">
		<h1 class = "postTitle">
			<a id="cb_post_title_url" class="postTitle2" href="https://www.cnblogs.com/frankdeng/p/9139035.html">CentOS7.5搭建ELK6.2.4集群及插件安装</a>
		</h1>
		<div class="clear"></div>
		<div class="postBody">
			<div id="cnblogs_post_body" class="blogpost-body"><h2>一 简介</h2>
<p><span style="font-size: 16px;">Elasticsearch是一个高度可扩展的开源全文搜索和分析引擎。它允许您快速，近实时地存储，搜索和分析大量数据。它通常用作支持具有复杂搜索功能和需求的应用程序的底层引擎/技术。</span></p>
<p>下载地址：<a href="https://www.elastic.co/cn/downloads" target="_blank">https://www.elastic.co/cn/downloads</a>&nbsp; &nbsp; &nbsp; &nbsp;版本：elasticsearch-6.2.4.tar.gz&nbsp;&nbsp;&nbsp; &nbsp;logstash-6.2.4.tar.gz&nbsp; &nbsp;&nbsp;kibana-6.2.4-x86_64.rpm&nbsp; &nbsp;filebeat-6.2.4-x86_64.rpm</p>
<h2>1 基本概念</h2>
<p>接近实时（NRT）</p>
<ul>
<li>Elasticsearch 是一个接近实时的搜索平台。这意味着，从索引一个文档直到这个文档能够被搜索到有一个很小的延迟（通常是 1 秒）。</li>
</ul>
<p id="集群cluster">集群（cluster）</p>
<ul>
<li>代表一个集群，集群中有多个节点（node），其中有一个为主节点，这个主节点是可以通过选举产生的，主从节点是对于集群内部来说的。es的一个概念就是去中心化，字面上理解就是无中心节点，这是对于集群外部来说的，因为从外部来看es集群，在逻辑上是个整体，你与任何一个节点的通信和与整个es集群通信是等价的。</li>
</ul>
<p id="索引index">索引（index）</p>
<ul>
<li>ElasticSearch将它的数据存储在一个或多个索引（index）中。用SQL领域的术语来类比，索引就像数据库，可以向索引写入文档或者从索引中读取文档，并通过ElasticSearch内部使用Lucene将数据写入索引或从索引中检索数据。</li>
</ul>
<p id="文档document">文档（document）</p>
<ul>
<li>文档（document）是ElasticSearch中的主要实体。对所有使用ElasticSearch的案例来说，他们最终都可以归结为对文档的搜索。文档由字段构成。</li>
</ul>
<p id="映射mapping">映射（mapping）</p>
<ul>
<li>所有文档写进索引之前都会先进行分析，如何将输入的文本分割为词条、哪些词条又会被过滤，这种行为叫做映射（mapping）。一般由用户自己定义规则。</li>
</ul>
<p id="类型type">类型（type）</p>
<ul>
<li>每个文档都有与之对应的类型（type）定义。这允许用户在一个索引中存储多种文档类型，并为不同文档提供类型提供不同的映射。</li>
</ul>
<p id="分片shards">分片（shards）</p>
<ul>
<li>代表索引分片，es可以把一个完整的索引分成多个分片，这样的好处是可以把一个大的索引拆分成多个，分布到不同的节点上。构成分布式搜索。分片的数量只能在索引创建前指定，并且索引创建后不能更改。5.X默认不能通过配置文件定义分片</li>
</ul>
<p id="副本replicas">副本（replicas）</p>
<ul>
<li>代表索引副本，es可以设置多个索引的副本，副本的作用一是提高系统的容错性，当个某个节点某个分片损坏或丢失时可以从副本中恢复。二是提高es的查询效率，es会自动对搜索请求进行负载均衡。</li>
</ul>
<p id="数据恢复recovery">数据恢复（recovery）</p>
<ul>
<li>代表数据恢复或叫数据重新分布，es在有节点加入或退出时会根据机器的负载对索引分片进行重新分配，挂掉的节点重新启动时也会进行数据恢复。</li>
<li>GET /_cat/health?v&nbsp;&nbsp; #可以看到集群状态</li>
</ul>
<p id="数据源river">数据源（River）</p>
<ul>
<li>代表es的一个数据源，也是其它存储方式（如：数据库）同步数据到es的一个方法。它是以插件方式存在的一个es服务，通过读取river中的数据并把它索引到es中，官方的river有couchDB的，RabbitMQ的，Twitter的，Wikipedia的，river这个功能将会在后面的文件中重点说到。</li>
</ul>
<p id="网关gateway">网关（gateway）</p>
<ul>
<li>代表es索引的持久化存储方式，es默认是先把索引存放到内存中，当内存满了时再持久化到硬盘。当这个es集群关闭再重新启动时就会从gateway中读取索引数据。es支持多种类型的gateway，有本地文件系统（默认），分布式文件系统，Hadoop的HDFS和amazon的s3云存储服务。</li>
</ul>
<p id="自动发现discoveryzen">自动发现（discovery.zen）</p>
<ul>
<li>代表es的自动发现节点机制，es是一个基于p2p的系统，它先通过广播寻找存在的节点，再通过多播协议来进行节点之间的通信，同时也支持点对点的交互。</li>
<li>5.X关闭广播，需要自定义</li>
</ul>
<p id="通信transport">通信（Transport）</p>
<ul>
<li>代表es内部节点或集群与客户端的交互方式，默认内部是使用tcp协议进行交互，同时它支持http协议（json格式）、thrift、servlet、memcached、zeroMQ等的传输协议（通过插件方式集成）。</li>
<li>节点间通信端口默认：9300-9400</li>
</ul>
<p id="分片和复制shards-and-replicas">分片和复制（shards and replicas）</p>
<p>　　一个索引可以存储超出单个结点硬件限制的大量数据。比如，一个具有10亿文档的索引占据1TB的磁盘空间，而任一节点可能没有这样大的磁盘空间来存储或者单个节点处理搜索请求，响应会太慢。</p>
<p>为了解决这个问题，Elasticsearch提供了将索引划分成多片的能力，这些片叫做分片。当你创建一个索引的时候，你可以指定你想要的分片的数量。每个分片本身也是一个功能完善并且独立的&ldquo;索引&rdquo;，这个&ldquo;索引&rdquo; 可以被放置到集群中的任何节点上。</p>
<p>分片之所以重要，主要有两方面的原因：</p>
<ul>
<li>允许你水平分割/扩展你的内容容量</li>
<li>允许你在分片（位于多个节点上）之上进行分布式的、并行的操作，进而提高性能/吞吐量&nbsp;<br />至于一个分片怎样分布，它的文档怎样聚合回搜索请求，是完全由Elasticsearch管理的，对于作为用户的你来说，这些都是透明的。</li>


























































</ul>
<p>在一个网络/云的环境里，失败随时都可能发生。在某个分片/节点因为某些原因处于离线状态或者消失的情况下，故障转移机制是非常有用且强烈推荐的。为此， Elasticsearch允许你创建分片的一份或多份拷贝，这些拷贝叫做复制分片，或者直接叫复制。</p>
<p>复制之所以重要，有两个主要原因：</p>
<ul>
<li>在分片/节点失败的情况下，复制提供了高可用性。复制分片不与原/主要分片置于同一节点上是非常重要的。因为搜索可以在所有的复制上并行运行，复制可以扩展你的搜索量/吞吐量</li>
<li>总之，每个索引可以被分成多个分片。一个索引也可以被复制0次（即没有复制） 或多次。一旦复制了，每个索引就有了主分片（作为复制源的分片）和复制分片（主分片的拷贝）。</li>
<li>分片和复制的数量可以在索引创建的时候指定。在索引创建之后，你可以在任何时候动态地改变复制的数量，但是你不能再改变分片的数量。</li>
<li>5.X默认5:1&nbsp;&nbsp; 5个主分片，1个复制分片</li>


























































</ul>
<p>默认情况下，Elasticsearch中的每个索引分配5个主分片和1个复制。这意味着，如果你的集群中至少有两个节点，你的索引将会有5个主分片和另外5个复制分片（1个完全拷贝），这样每个索引总共就有10个分片。</p>
<h2>2elasticsearch . yml 明细</h2>
<div class="cnblogs_code">
<pre># ======================== Elasticsearch Configuration =========================<span style="color: #000000;">
# NOTE: Elasticsearch comes with reasonable defaults </span><span style="color: #0000ff;">for</span><span style="color: #000000;"> most settings.
#       Before you </span><span style="color: #0000ff;">set</span> <span style="color: #0000ff;">out</span><span style="color: #000000;"> to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node </span><span style="color: #0000ff;">is</span> via <span style="color: #0000ff;">this</span><span style="color: #000000;"> file. This template lists
# the most important settings you may want to configure </span><span style="color: #0000ff;">for</span><span style="color: #000000;"> a production cluster.
#
# Please consult the documentation </span><span style="color: #0000ff;">for</span><span style="color: #000000;"> further information on configuration options:
# https:</span><span style="color: #008000;">//</span><span style="color: #008000;">www.elastic.co/guide/en/elasticsearch/reference/index.html</span>
<span style="color: #000000;">#
# </span>---------------------------------- Cluster -----------------------------------<span style="color: #000000;">
#
# Use a descriptive name </span><span style="color: #0000ff;">for</span><span style="color: #000000;"> your cluster:
#cluster.name: my</span>-<span style="color: #000000;">application
#
# </span>------------------------------------ Node ------------------------------------<span style="color: #000000;">
#
# Use a descriptive name </span><span style="color: #0000ff;">for</span><span style="color: #000000;"> the node:
#
#node.name: node</span>-<span style="color: #800080;">1</span><span style="color: #000000;">
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# </span>----------------------------------- Paths ------------------------------------<span style="color: #000000;">
#
# Path to directory </span><span style="color: #0000ff;">where</span><span style="color: #000000;"> to store the data (separate multiple locations by comma):
#
#path.data: </span>/path/to/<span style="color: #000000;">data
#
# Path to log files:
#
#path.logs: </span>/path/to/<span style="color: #000000;">logs
#
# </span>----------------------------------- Memory -----------------------------------<span style="color: #000000;">
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: </span><span style="color: #0000ff;">true</span><span style="color: #000000;">
#
# Make sure that the heap size </span><span style="color: #0000ff;">is</span> <span style="color: #0000ff;">set</span><span style="color: #000000;"> to about half the memory available
# on the system and that the owner of the process </span><span style="color: #0000ff;">is</span> allowed to use <span style="color: #0000ff;">this</span><span style="color: #000000;">
# limit.
#
# Elasticsearch performs poorly when the system </span><span style="color: #0000ff;">is</span><span style="color: #000000;"> swapping the memory.
#
# </span>---------------------------------- Network -----------------------------------<span style="color: #000000;">
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: </span><span style="color: #800080;">192.168</span>.<span style="color: #800080;">0.1</span><span style="color: #000000;">
#
# Set a custom port </span><span style="color: #0000ff;">for</span><span style="color: #000000;"> HTTP:
#
#http.port: </span><span style="color: #800080;">9200</span><span style="color: #000000;">
#
# For more information, consult the network module documentation.
#
# </span>--------------------------------- Discovery ----------------------------------<span style="color: #000000;">
#
# Pass an initial list of hosts to perform discovery when </span><span style="color: #0000ff;">new</span> node <span style="color: #0000ff;">is</span><span style="color: #000000;"> started:
# The </span><span style="color: #0000ff;">default</span> list of hosts <span style="color: #0000ff;">is</span> [<span style="color: #800000;">"</span><span style="color: #800000;">127.0.0.1</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">[::1]</span><span style="color: #800000;">"</span><span style="color: #000000;">]
#
#discovery.zen.ping.unicast.hosts: [</span><span style="color: #800000;">"</span><span style="color: #800000;">host1</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">host2</span><span style="color: #800000;">"</span><span style="color: #000000;">]
#
# Prevent the </span><span style="color: #800000;">"</span><span style="color: #800000;">split brain</span><span style="color: #800000;">"</span> by configuring the majority of nodes (total number of master-eligible nodes / <span style="color: #800080;">2</span> + <span style="color: #800080;">1</span><span style="color: #000000;">):
#
#discovery.zen.minimum_master_nodes:
#
# For more information, consult the zen discovery module documentation.
#
# </span>---------------------------------- Gateway -----------------------------------<span style="color: #000000;">
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: </span><span style="color: #800080;">3</span><span style="color: #000000;">
#
# For more information, consult the gateway module documentation.
#
# </span>---------------------------------- Various -----------------------------------<span style="color: #000000;">
#
# Require </span><span style="color: #0000ff;">explicit</span><span style="color: #000000;"> names when deleting indices:
#
#action.destructive_requires_name: </span><span style="color: #0000ff;">true</span></pre>
</div>
<h2>二 安装</h2>
<h2>1 集群部署</h2>
<table style="height: 115px; width: 547px; background-color: #42bcb5;">
<thead>
<tr class="header"><th style="text-align: center;">系统</th><th style="text-align: center;">节点名称</th><th style="text-align: center;">IP</th><th style="text-align: center;">
<p>Filebeat</p>
</th><th style="text-align: center;">
<p>Logstash</p>
</th><th style="text-align: center;">
<p>Elasticsearch</p>
</th><th style="text-align: center;">
<p>kibana</p>
</th></tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: center;">CentOS7.5</td>
<td style="text-align: center;">node21</td>
<td style="text-align: center;">192.168.100.21</td>
<td style="text-align: center;">&radic;</td>
<td style="text-align: center;">&nbsp;&radic;</td>
<td style="text-align: center;">&radic;</td>
<td style="text-align: center;">&nbsp;&radic;</td>
</tr>
<tr class="even">
<td style="text-align: center;">CentOS7.5</td>
<td style="text-align: center;">node22</td>
<td style="text-align: center;">192.168.100.22</td>
<td style="text-align: center;">&radic;</td>
<td style="text-align: center;">&nbsp;</td>
<td style="text-align: center;">&radic;</td>
<td style="text-align: center;">&nbsp;</td>
</tr>
<tr class="odd">
<td style="text-align: center;">CentOS7.5</td>
<td style="text-align: center;">node23</td>
<td style="text-align: center;">192.168.100.23</td>
<td style="text-align: center;">&nbsp;</td>
<td style="text-align: center;">&nbsp;</td>
<td style="text-align: center;">&radic;</td>
<td style="text-align: center;">&nbsp;</td>
</tr>
</tbody>
</table>
<p>Elasticsearch的目录结构</p>
<table style="height: 191px; width: 550px;" border="1">
<tbody>
<tr>
<td style="text-align: center;">文件夹</td>
<td style="text-align: center;">作用</td>
</tr>
<tr>
<td style="text-align: center;">bin</td>
<td style="text-align: left;">运行ElasticSearch实例和管理插件的一些脚本</td>
</tr>
<tr>
<td style="text-align: center;">config</td>
<td style="text-align: left;">放的是配置文件：elasticsearch.yml，jvm.options，log4j2.properties</td>
</tr>
<tr>
<td style="text-align: center;">lib</td>
<td style="text-align: left;">ElasticSearch使用的库</td>
</tr>
<tr>
<td style="text-align: center;">logs</td>
<td style="text-align: left;">日志的文件夹</td>
</tr>
<tr>
<td style="text-align: center;">modules</td>
<td style="text-align: left;">&nbsp;</td>
</tr>
<tr>
<td style="text-align: center;">plugins</td>
<td style="text-align: left;">&nbsp;</td>
</tr>
</tbody>
</table>
<p><span style="font-family: 'Microsoft YaHei';"><code>config/elasticsearch.yml 主配置文件</code></span></p>
<p><span style="font-family: 'Microsoft YaHei';"><code></code><code>config/jvm.options jvm参数配置文件</code></span></p>
<p><span style="font-family: 'Microsoft YaHei';"><code>cofnig/log4j2.properties 日志配置文件</code></span></p>
<h2><span style="font-family: 'Microsoft YaHei';">2&nbsp;</span>elasticsearch安装</h2>
<h3><span style="font-family: 'Microsoft YaHei';">2.1&nbsp; 准备环境</span></h3>
<p>1）jdk安装：官方建议java -version 1.8_131以上，我这里安装的jdk1.8_171</p>
<p>2）出于系统安全考虑，ElasticSearch不允许以root用户模式运行，我这里已创建用户admin</p>
<h3>2.2&nbsp; 解压安装</h3>
<p>创建文件夹elk，解压到elk文件</p>
<div class="cnblogs_code">
<pre>[admin@node21 software]$ tar zxvf elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>.tar.gz -C /opt/module/elk</pre>
</div>
<h3>2.3&nbsp;集群配置</h3>
<div class="cnblogs_code">
<pre><span style="color: #000000;">cluster.name: myescluster         #自定义修改一个集群名称
node.name: node21                 #节点名称
network.host: </span><span style="color: #800080;">192.168</span>.<span style="color: #800080;">100.21</span><span style="color: #000000;">      #节点IP（或者解析的主机名）
bootstrap.memory_lock: </span><span style="color: #0000ff;">true</span><span style="color: #000000;">          #设置elasticsearch的进程锁住内存
discovery.zen.ping.unicast.hosts: [</span><span style="color: #800000;">"</span><span style="color: #800000;">192.168.100.21</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">192.168.100.22</span><span style="color: #800000;">"</span>,<span style="color: #800000;">"</span><span style="color: #800000;">192.168.100.23</span><span style="color: #800000;">"</span><span style="color: #000000;">]  #集群个节点IP地址
discovery.zen.minimum_master_nodes: </span><span style="color: #800080;">2</span>      #为了避免脑裂，集群节点数最少为 半数+<span style="color: #800080;">1</span></pre>
</div>
<h3 id="jvm配置">2.4&nbsp; JVM配置</h3>
<div class="cnblogs_code">
<pre>vi elasticsearch/config/<span style="color: #000000;">jvm.options
</span>-<span style="color: #000000;">Xms1g                                                  # JVM最大、最小使用内存</span>-Xmx1g</pre>
</div>
<h3>2.5&nbsp; 分发es安装包</h3>
<div class="cnblogs_code">
<pre>[admin@node21 elk]$ scp -r elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span> admin@node22:/opt/module/elk<span style="color: #000000;">
[admin@node21 elk]$ scp </span>-r elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span> admin@node23:/opt/module/elk<span style="color: #000000;">
修改node22，node23节点配置文件elasticsearch.yml中的主机名和ip</span></pre>
</div>
<h3>2.6&nbsp; 启动集群</h3>
<p>前台启动：进入到elasticsearch-6.2.4安装目录的bin目录下</p>
<div class="cnblogs_code">
<p>[admin@node21 bin]$&nbsp;./elasticsearch</p>
</div>
<p>此时会有一个初始化的过程，内容如下</p>
<div class="cnblogs_code" onclick="cnblogs_code_show('2796ff41-0b6e-4fc9-8af9-0ffbdc0d5212')"><img id="code_img_closed_2796ff41-0b6e-4fc9-8af9-0ffbdc0d5212" class="code_img_closed" src="https://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif" alt="" /><img id="code_img_opened_2796ff41-0b6e-4fc9-8af9-0ffbdc0d5212" class="code_img_opened" style="display: none;" onclick="cnblogs_code_hide('2796ff41-0b6e-4fc9-8af9-0ffbdc0d5212',event)" src="https://images.cnblogs.com/OutliningIndicators/ExpandedBlockStart.gif" alt="" />
<div id="cnblogs_code_open_2796ff41-0b6e-4fc9-8af9-0ffbdc0d5212" class="cnblogs_code_hide">
<pre>[<span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">02</span>,<span style="color: #800080;">506</span><span style="color: #000000;">][INFO ][o.e.n.Node               ] [node21] initializing ...
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">02</span>,<span style="color: #800080;">830</span>][INFO ][o.e.e.NodeEnvironment    ] [node21] <span style="color: #0000ff;">using</span> [<span style="color: #800080;">1</span>] data paths, mounts [[/ (rootfs)]], net usable_space [<span style="color: #800080;">91</span>.2gb], net total_space [<span style="color: #800080;">97</span><span style="color: #000000;">.6gb], 
types [rootfs][</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">02</span>,<span style="color: #800080;">831</span>][INFO ][o.e.e.NodeEnvironment    ] [node21] heap size [<span style="color: #800080;">1015</span>.6mb], compressed ordinary <span style="color: #0000ff;">object</span> pointers [<span style="color: #0000ff;">true</span><span style="color: #000000;">]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">02</span>,<span style="color: #800080;">869</span><span style="color: #000000;">][INFO ][o.e.n.Node               ] [node21] node name [node21], node ID [z14A4EeXSOqvqdp4J1htzQ]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">02</span>,<span style="color: #800080;">870</span>][INFO ][o.e.n.Node               ] [node21] version[<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>], pid[<span style="color: #800080;">2265</span>], build[ccec39f/<span style="color: #800080;">2018</span>-<span style="color: #800080;">04</span>-12T20:<span style="color: #800080;">37</span>:<span style="color: #800080;">28</span>.497551Z], OS[Linux/<span style="color: #800080;">3.10</span>.<span style="color: #800080;">0</span>-<span style="color: #800080;">862</span><span style="color: #000000;">.el7.x86
_64</span>/amd64], JVM[Oracle Corporation/Java HotSpot(TM) <span style="color: #800080;">64</span>-Bit Server VM/<span style="color: #800080;">1.8</span>.0_171/<span style="color: #800080;">25.171</span>-b11][<span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">02</span>,<span style="color: #800080;">870</span>][INFO ][o.e.n.Node               ] [node21] JVM arguments [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=<span style="color: #800080;">75</span>, -<span style="color: #000000;">XX
:</span>+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=<span style="color: #0000ff;">true</span>, -Dfile.encoding=UTF-<span style="color: #800080;">8</span>, -Djna.nosys=<span style="color: #0000ff;">true</span>, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=<span style="color: #0000ff;">true</span>, -Dio.netty.noKeySetOptimization=<span style="color: #0000ff;">true</span>, -Dio.netty.recycler.maxCapacityPerThread=<span style="color: #800080;">0</span>, -Dlog4j.shutdownHookEnabled=<span style="color: #0000ff;">false</span>, -Dlog4j2.disable.jmx=<span style="color: #0000ff;">true</span>, -Djava.io.tmpdir=/tmp/elasticsearch.56PUO1hY, -XX:+HeapDumpOnOutOfMemoryError, -XX:+PrintGCDetails, -XX:+PrintGCDateStamps, -XX:+PrintTenuringDistribution, -XX:+PrintGCApplicationStoppedTime, -Xloggc:logs/gc.log, -XX:+UseGCLogFileRotation, -XX:NumberOfGCLogFiles=<span style="color: #800080;">32</span>, -XX:GCLogFileSize=64m, -Des.path.home=/opt/module/elk/elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>, -Des.path.conf=/opt/module/elk/elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>/config][<span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">06</span>,<span style="color: #800080;">699</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [aggs-matrix-<span style="color: #000000;">stats]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">06</span>,<span style="color: #800080;">699</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [analysis-<span style="color: #000000;">common]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">06</span>,<span style="color: #800080;">699</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [ingest-<span style="color: #000000;">common]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">06</span>,<span style="color: #800080;">699</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [lang-<span style="color: #000000;">expression]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">06</span>,<span style="color: #800080;">700</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [lang-<span style="color: #000000;">mustache]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">06</span>,<span style="color: #800080;">700</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [lang-<span style="color: #000000;">painless]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">06</span>,<span style="color: #800080;">700</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [mapper-<span style="color: #000000;">extras]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">06</span>,<span style="color: #800080;">700</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [parent-<span style="color: #000000;">join]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">06</span>,<span style="color: #800080;">700</span><span style="color: #000000;">][INFO ][o.e.p.PluginsService     ] [node21] loaded module [percolator]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">06</span>,<span style="color: #800080;">700</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [rank-<span style="color: #000000;">eval]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">06</span>,<span style="color: #800080;">701</span><span style="color: #000000;">][INFO ][o.e.p.PluginsService     ] [node21] loaded module [reindex]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">06</span>,<span style="color: #800080;">701</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [repository-<span style="color: #000000;">url]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">06</span>,<span style="color: #800080;">701</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [transport-<span style="color: #000000;">netty4]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">06</span>,<span style="color: #800080;">701</span><span style="color: #000000;">][INFO ][o.e.p.PluginsService     ] [node21] loaded module [tribe]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">06</span>,<span style="color: #800080;">702</span><span style="color: #000000;">][INFO ][o.e.p.PluginsService     ] [node21] no plugins loaded
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">18</span>,<span style="color: #800080;">463</span>][INFO ][o.e.d.DiscoveryModule    ] [node21] <span style="color: #0000ff;">using</span><span style="color: #000000;"> discovery type [zen]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">21</span>,<span style="color: #800080;">505</span><span style="color: #000000;">][INFO ][o.e.n.Node               ] [node21] initialized
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T04:<span style="color: #800080;">43</span>:<span style="color: #800080;">21</span>,<span style="color: #800080;">505</span>][INFO ][o.e.n.Node               ] [node21] starting ...</pre>
</div>
<span class="cnblogs_code_collapse">View Code</span></div>
<p>后台启动&nbsp;</p>
<div class="cnblogs_code">
<pre>nohup./bin/elasticsearch&amp;<span style="color: #000000;">
或者 </span>/bin/elasticsearch -d</pre>
</div>
<p>&nbsp;页面查看，默认端口 9200</p>
<div class="cnblogs_code">
<pre>http:<span style="color: #008000;">//</span><span style="color: #008000;">node21:9200/</span></pre>
</div>
<h2><img src="https://images2018.cnblogs.com/blog/1385722/201806/1385722-20180607190122512-1533769454.png" alt="" /></h2>
<h2>3&nbsp; 插件安装</h2>
<h3>1&nbsp;head插件</h3>
<p>下载地址：<a href="https://github.com/mobz/elasticsearch-head" target="_blank">https://github.com/mobz/elasticsearch-head</a>&nbsp;</p>
<p><strong>介绍：</strong>head插件是ES的一个可视化插件，类似于navicat和mysql的关系。head插件是一个用来浏览、与ES数据进行交互的web前端展示插件，是一个用来监视ES状态的客户端插件。</p>
<p>由于head插件本质上还是一个nodejs的工程，因此需要安装node，使用npm来安装依赖的包。（npm其实是Node.js的包管理工具，可以理解为maven）</p>
<p><strong>（1）下载NodeJS</strong></p>
<p><strong>1 下载地址：<a href="https://nodejs.org/en/download/" target="_blank"><code class="hljs ruby has-numbering"><span class="hljs-symbol">https:/<span class="hljs-regexp">/nodejs.org/en<span class="hljs-regexp">/download/</span></span></span></code></a></strong></p>
<p><strong><span class="hljs-symbol"><span class="hljs-regexp"><span class="hljs-regexp"><img src="https://images2018.cnblogs.com/blog/1385722/201806/1385722-20180606174117952-1339496732.png" alt="" /></span></span></span></strong></p>
<p id="2安装nodejs"><strong>2 安装nodejs</strong></p>
<p><strong>由于下载下来的是xz文件，node-v8.11.2-linux-x64.tar.xz，Linux上大部分情况下不能直接解压tar.xz的文件。需要用xz -d xxx.tar.xz 将 xxx.tar.xz解压成 xxx.tar 然后，再用 tar xvf xxx.tar来解包（报</strong>错先安装xz，执行yum -y install&nbsp;xz）</p>
<div class="cnblogs_code">
<pre>[admin@node21 software]$ xz -d node-v8.<span style="color: #800080;">11.2</span>-linux-<span style="color: #000000;">x64.tar.xz 
[admin@node21 software]$ tar  xvf node</span>-v8.<span style="color: #800080;">11.2</span>-linux-x64.tar -C /opt/module/elk</pre>
</div>
<p>配置环境变量 vi&nbsp; /etc/profile</p>
<div class="cnblogs_code">
<pre>export NODE_HOME=/opt/module/elk/node-v8.<span style="color: #800080;">11.2</span>-linux-<span style="color: #000000;">x64
export PATH</span>=$NODE_HOME/bin:$PATH</pre>
</div>
<p>source /etc/profile 环境变量生效</p>
<p><strong>3&nbsp;</strong><strong>下载head插件头</strong></p>
<div class="cnblogs_code">
<p>[admin@node21 elk]$ wget https://github.com/mobz/elasticsearch-head/archive/master.zip</p>
</div>
<p>解压，会出现一个elasticsearch-head-master文件</p>
<div class="cnblogs_code">
<pre>[admin@node21 elk]$ unzip master.zip</pre>
</div>
<p>4&nbsp;<strong>使用npm安装grunt</strong></p>
<p><strong>设置npm的代理镜像，由于国外的下载较慢，所以设置为国内的，进入到elasticsearch-head-master内执行以下命令</strong></p>
<div class="cnblogs_code">
<p>&nbsp;[admin@node21 elasticsearch-head-master]$ npm config set registry https://registry.npm.taobao.org</p>
</div>
<p><strong>执行npm install，grunt是基于Node.js的项目构建工具，可以进行打包压缩，测试，执行等等的工作，head插件就是通过grunt启动。&nbsp;</strong></p>
<div class="cnblogs_code">
<pre>[admin@node21 elasticsearch-head-<span style="color: #000000;">master]$ npm install -g grunt
[admin@node21 elasticsearch</span>-head-master]$ npm install</pre>
</div>
<p>版本确认：</p>
<div class="cnblogs_code">
<pre>[admin@node21 software]$ node -<span style="color: #000000;">v
v8.</span><span style="color: #800080;">11.2</span><span style="color: #000000;">
[admin@node21 software]$ npm </span>-<span style="color: #000000;">v
</span><span style="color: #000000;"><span style="color: #800080;">6.1.0</span></span><span style="color: #000000;">
[admin@node21 software]$ grunt </span>-<span style="color: #000000;">version
grunt</span>-cli v1.<span style="color: #800080;">2.0<br /></span>grunt v1.0.1</pre>
</div>
<p><strong>5 修改Head源码</strong></p>
<p><strong>由于head的代码直接执行有很多限制，比如无法跨机器访问。因此需要用户修改两个地方：</strong></p>
<p>&nbsp;1）修改 elasticsearch-head-master/Gruntfile.js 文件，<span style="color: #ff0000;">红色部分为添加的</span>，原来没有，设置hostname属性，设置为0.0.0.0</p>
<div class="cnblogs_code">
<pre>[admin@node21 elasticsearch-head-<span style="color: #000000;">master]$ vi Gruntfile.js 
             connect: {
                        server: {
                                options: {
                                     <span style="color: #ff0000;">   hostname: </span></span><span style="color: #ff0000;">'0.0.0.0'</span><span style="color: #000000;"><span style="color: #ff0000;">,</span>
                                        port: </span><span style="color: #800080;">9100</span><span style="color: #000000;">,
                                        </span><span style="color: #0000ff;">base</span>: <span style="color: #800000;">'</span><span style="color: #800000;">.</span><span style="color: #800000;">'</span><span style="color: #000000;">,
                                        keepalive: </span><span style="color: #0000ff;">true</span><span style="color: #000000;">
                                }
                        }
                }</span></pre>
</div>
<p>2）修改跨域请求配置</p>
<p>不修改连接的状态如下，修改之后才能连上，这样head插件才可以访问elasticsearch。</p>
<p><img src="https://images2018.cnblogs.com/blog/1385722/201806/1385722-20180607202920341-2028051146.png" alt="" /></p>
<p>修改文件为elasticsearch-6.2.4/config/elasticsearch.yml，添加如下两行</p>
<div class="cnblogs_code">
<pre>http.cors.enabled: <span style="color: #0000ff;">true</span><span style="color: #000000;">
http.cors.allow</span>-origin: <span style="color: #800000;">"</span><span style="color: #800000;">*</span><span style="color: #800000;">"</span></pre>
</div>
<p>&nbsp;上述连接需要手动更改<span style="color: #ff0000;">http://localhost:9200/</span>中的localhost为自己的ip才能连接得上。这里修改配置文件，改为自己的ip。修改head的连接地址，进入到elasticsearch-head-master/_site里，<span style="color: #ff0000;">修改app.js</span>（提示：指定内容查找&nbsp; 如果是用vi打开文件后，在命令行下输入&ldquo;/关键字&rdquo;；&nbsp;如果是在没有打开文件的前提就用"cat 文件名 | grep "关键字""。）</p>
<div class="cnblogs_code">
<pre><span style="color: #000000;">[admin@node21 _site]$ vi app.js 
</span><span style="color: #0000ff;">this</span>.base_uri = <span style="color: #0000ff;">this</span>.config.base_uri || <span style="color: #0000ff;">this</span>.prefs.<span style="color: #0000ff;">get</span>(<span style="color: #800000;">"</span><span style="color: #800000;">app-base_uri</span><span style="color: #800000;">"</span>) || <span style="color: #800000;">"</span><span style="color: #800000;">http://<span style="color: #ff0000;">localhost</span>:9200</span><span style="color: #800000;">"</span><span style="color: #000000;">;
把localhost修改成你es的服务器地址，如:
</span><span style="color: #0000ff;">this</span>.base_uri = <span style="color: #0000ff;">this</span>.config.base_uri || <span style="color: #0000ff;">this</span>.prefs.<span style="color: #0000ff;">get</span>(<span style="color: #800000;">"</span><span style="color: #800000;">app-base_uri</span><span style="color: #800000;">"</span>) || <span style="color: #800000;">"</span><span style="color: #800000;">http://<span style="color: #ff0000;">192.168.100.21</span>:9200</span><span style="color: #800000;">"</span>;</pre>
</div>
<p>6 启动elasticsearch</p>
<p id="1启动es">1、启动ES（因为上述配置修改了elasticsearch-yml，重启才能生效。）</p>
<p>如果已经启动，先停止（/elasticsearch-6.2.4/bin）</p>
<div class="cnblogs_code">
<pre>[admin@node21 bin]$&nbsp;./elasticsearch</pre>
</div>
<p id="2启动head">2、启动head</p>
<div class="cnblogs_code">
<pre>[admin@node21 elasticsearch-head-master]$ grunt server &amp;</pre>
</div>
<p>&nbsp;页面访问，默认端口9100，绿色为健康，黄色为警告</p>
<p>&nbsp;<a href="http://192.168.100.21:9100/" target="_blank">http://192.168.100.21:9100/</a></p>
<p><img src="https://images2018.cnblogs.com/blog/1385722/201806/1385722-20180607204956410-673896500.png" alt="" /></p>
<p>3、如果出现端口被占用，可以用如下命令查找被占用端口，然后在kill掉。 <span style="color: #ff0000;">netstat -nap | grep 9100</span></p>
<p><img src="https://images2018.cnblogs.com/blog/1385722/201806/1385722-20180607202305824-640255928.png" alt="" /></p>
<h3>2&nbsp;bigdesk插件</h3>
<p>1. 下载解压，出现一个bigdesk-master的文件</p>
<div class="cnblogs_code">
<pre>[admin@node21 elk]$ wget https:<span style="color: #008000;">//</span><span style="color: #008000;">github.com/hlstudio/bigdesk/archive/master.zip<br />[admin@node21 elk]$ unzip master.zip&nbsp;</span></pre>
</div>
<p>2. 配置elasticsearch.yml<br />因为es5.x后不支持内嵌plugin，所以把下面参数打开，安装head插件也类似</p>
<p>添加：<br />http.cors.enabled: true<br />http.cors.allow-origin: "*"</p>
<p>3. 安装httpd服务<br />我这里直接通过httpd服务跑bigdesk插件</p>
<p>yum install -y httpd<br />systemctl start httpd<br />systemctl status httpd</p>
<p>4. 把bigdesk放到httpd服务目录里<br />httpd服务目录默认为：/var/www/html</p>
<p>我们把下载好的bigdesk-master.zip 解压，然后放到/var/www/html即可</p>
<div class="cnblogs_code">
<pre>[admin@node21 elk]$ sudo mv bigdesk-master/ /<span style="color: #0000ff;">var</span>/www/html/</pre>
</div>
<p>5. 访问bigdesk<br />浏览器打开 <a href="http://192.168.100.21/bigdesk-master/_site/#nodes" target="_blank">http://192.168.100.21/bigdesk-master/_site/#nodes</a>&nbsp;，点击右侧连接即可访问！</p>
<p><img src="https://images2018.cnblogs.com/blog/1385722/201806/1385722-20180608175614305-1619249105.png" alt="" /></p>
<h3>3&nbsp; IK分词器插件</h3>
<p>安装文档参考：<a href="https://github.com/medcl/elasticsearch-analysis-ik/blob/master/README.md" target="_blank">https://github.com/medcl/elasticsearch-analysis-ik/blob/master/README.md</a></p>
<p>1.下载ik分词器</p>
<div class="cnblogs_code">
<pre>[admin@node21 elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>]$ ./bin/elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v6.2.4/elasticsearch-analysis-ik-6.2.4.zip</pre>
</div>
<p>2. 重启elasticsearch</p>
<p>3. 测试IK分词器</p>
<p>创建索引</p>
<div class="cnblogs_code">
<pre>[admin@node21 bin]$ <span style="color: #ff0000;">curl -XPUT http://192.168.100.21:9200/index</span></pre>
</div>
<p><img src="https://images2018.cnblogs.com/blog/1385722/201806/1385722-20180608162227747-785503231.png" alt="" /></p>
<p>创建映射</p>
<div class="cnblogs_code">
<pre>curl -XPOST http:<span style="color: #008000;">//</span><span style="color: #008000;">192.168.100.21:9200/index/fulltext/_mapping -H 'Content-Type:application/json' -d'</span>
<span style="color: #000000;">{
        </span><span style="color: #800000;">"</span><span style="color: #800000;">properties</span><span style="color: #800000;">"</span><span style="color: #000000;">: {
            </span><span style="color: #800000;">"</span><span style="color: #800000;">content</span><span style="color: #800000;">"</span><span style="color: #000000;">: {
                </span><span style="color: #800000;">"</span><span style="color: #800000;">type</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">text</span><span style="color: #800000;">"</span><span style="color: #000000;">,
                </span><span style="color: #800000;">"</span><span style="color: #800000;">analyzer</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">ik_max_word</span><span style="color: #800000;">"</span><span style="color: #000000;">,
                </span><span style="color: #800000;">"</span><span style="color: #800000;">search_analyzer</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">ik_max_word</span><span style="color: #800000;">"</span><span style="color: #000000;">
            }
        }

}</span><span style="color: #800000;">'</span></pre>
</div>
<p>索引文档</p>
<div class="cnblogs_code">
<pre>curl -XPOST http:<span style="color: #008000;">//</span><span style="color: #008000;">192.168.100.21:9200/index/fulltext/1 -H 'Content-Type:application/json' -d'</span>
{<span style="color: #800000;">"</span><span style="color: #800000;">content</span><span style="color: #800000;">"</span>:<span style="color: #800000;">"</span><span style="color: #800000;">美国留给伊拉克的是个烂摊子吗</span><span style="color: #800000;">"</span>}<span style="color: #800000;">'<br />
</span>curl -XPOST http:<span style="color: #008000;">//</span><span style="color: #008000;">192.168.100.21:9200/index/fulltext/2 -H 'Content-Type:application/json' -d'</span>
{<span style="color: #800000;">"</span><span style="color: #800000;">content</span><span style="color: #800000;">"</span>:<span style="color: #800000;">"</span><span style="color: #800000;">公安部：各地校车将享最高路权</span><span style="color: #800000;">"</span>}<span style="color: #800000;">'
</span><span style="color: #000000;">
curl </span>-XPOST http:<span style="color: #008000;">//</span><span style="color: #008000;">192.168.100.21:9200/index/fulltext/3 -H 'Content-Type:application/json' -d'</span>
{<span style="color: #800000;">"</span><span style="color: #800000;">content</span><span style="color: #800000;">"</span>:<span style="color: #800000;">"</span><span style="color: #800000;">中韩渔警冲突调查：韩警平均每天扣1艘中国渔船</span><span style="color: #800000;">"</span>}<span style="color: #800000;">'
</span><span style="color: #000000;">
curl </span>-XPOST http:<span style="color: #008000;">//</span><span style="color: #008000;">192.168.100.21:9200/index/fulltext/4 -H 'Content-Type:application/json' -d'</span>
{<span style="color: #800000;">"</span><span style="color: #800000;">content</span><span style="color: #800000;">"</span>:<span style="color: #800000;">"</span><span style="color: #800000;">中国驻洛杉矶领事馆遭亚裔男子枪击 嫌犯已自首</span><span style="color: #800000;">"</span>}<span style="color: #800000;">'</span></pre>
</div>
<p>&nbsp;高亮查询</p>
<div class="cnblogs_code">
<pre>curl -XPOST http:<span style="color: #008000;">//</span><span style="color: #008000;">192.168.100.21:9200/index/fulltext/_search  -H 'Content-Type:application/json' -d'</span>
<span style="color: #000000;">{
    </span><span style="color: #800000;">"</span><span style="color: #800000;">query</span><span style="color: #800000;">"</span> : { <span style="color: #800000;">"</span><span style="color: #800000;">match</span><span style="color: #800000;">"</span> : { <span style="color: #800000;">"</span><span style="color: #800000;">content</span><span style="color: #800000;">"</span> : <span style="color: #800000;">"</span><span style="color: #800000;">中国</span><span style="color: #800000;">"</span><span style="color: #000000;"> }},
    </span><span style="color: #800000;">"</span><span style="color: #800000;">highlight</span><span style="color: #800000;">"</span><span style="color: #000000;"> : {
        </span><span style="color: #800000;">"</span><span style="color: #800000;">pre_tags</span><span style="color: #800000;">"</span> : [<span style="color: #800000;">"</span><span style="color: #800000;">&lt;tag1&gt;</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">&lt;tag2&gt;</span><span style="color: #800000;">"</span><span style="color: #000000;">],
        </span><span style="color: #800000;">"</span><span style="color: #800000;">post_tags</span><span style="color: #800000;">"</span> : [<span style="color: #800000;">"</span><span style="color: #800000;">&lt;/tag1&gt;</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">&lt;/tag2&gt;</span><span style="color: #800000;">"</span><span style="color: #000000;">],
        </span><span style="color: #800000;">"</span><span style="color: #800000;">fields</span><span style="color: #800000;">"</span><span style="color: #000000;"> : {
            </span><span style="color: #800000;">"</span><span style="color: #800000;">content</span><span style="color: #800000;">"</span><span style="color: #000000;"> : {}
        }
    }
}</span><span style="color: #800000;">'</span></pre>
</div>
<p>此时会显示两条数据，或者页面查询context带有中国</p>
<p><img src="https://images2018.cnblogs.com/blog/1385722/201806/1385722-20180608173421448-982039397.png" alt="" /></p>
<h4>Dictionary Configuration</h4>
<p><code>IKAnalyzer.cfg.xml</code>&nbsp;can be located at&nbsp;<code>{conf}/analysis-ik/config/IKAnalyzer.cfg.xml</code>&nbsp;or&nbsp;<code>{plugins}/elasticsearch-analysis-ik-*/config/IKAnalyzer.cfg.xml</code></p>
<div class="highlight highlight-text-xml">
<pre>&lt;?<span class="pl-ent">xml<span class="pl-e"> version=<span class="pl-s"><span class="pl-pds">"1.0<span class="pl-pds">"<span class="pl-e"> encoding=<span class="pl-s"><span class="pl-pds">"UTF-8<span class="pl-pds">"?&gt;
&lt;!<span class="pl-k">DOCTYPE <span class="pl-c1">properties SYSTEM "http://java.sun.com/dtd/properties.dtd"&gt;
&lt;<span class="pl-ent">properties&gt;
	&lt;<span class="pl-ent">comment&gt;IK Analyzer 扩展配置&lt;/<span class="pl-ent">comment&gt;
	<span class="pl-c"><span class="pl-c">&lt;!--用户可以在这里配置自己的扩展字典 <span class="pl-c">--&gt;
	&lt;<span class="pl-ent">entry <span class="pl-e">key=<span class="pl-s"><span class="pl-pds">"ext_dict<span class="pl-pds">"&gt;custom/mydict.dic;custom/single_word_low_freq.dic&lt;/<span class="pl-ent">entry&gt;
	 <span class="pl-c"><span class="pl-c">&lt;!--用户可以在这里配置自己的扩展停止词字典<span class="pl-c">--&gt;
	&lt;<span class="pl-ent">entry <span class="pl-e">key=<span class="pl-s"><span class="pl-pds">"ext_stopwords<span class="pl-pds">"&gt;custom/ext_stopword.dic&lt;/<span class="pl-ent">entry&gt;
 	<span class="pl-c"><span class="pl-c">&lt;!--用户可以在这里配置远程扩展字典 <span class="pl-c">--&gt;
	&lt;<span class="pl-ent">entry <span class="pl-e">key=<span class="pl-s"><span class="pl-pds">"remote_ext_dict<span class="pl-pds">"&gt;location&lt;/<span class="pl-ent">entry&gt;
 	<span class="pl-c"><span class="pl-c">&lt;!--用户可以在这里配置远程扩展停止词字典<span class="pl-c">--&gt;
	&lt;<span class="pl-ent">entry <span class="pl-e">key=<span class="pl-s"><span class="pl-pds">"remote_ext_stopwords<span class="pl-pds">"&gt;http://xxx.com/xxx.dic&lt;/<span class="pl-ent">entry&gt;
&lt;/<span class="pl-ent">properties&gt;</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></pre>
</div>
<h4><a id="user-content-热更新-ik-分词使用方法" class="anchor" href="https://github.com/medcl/elasticsearch-analysis-ik#%E7%83%AD%E6%9B%B4%E6%96%B0-ik-%E5%88%86%E8%AF%8D%E4%BD%BF%E7%94%A8%E6%96%B9%E6%B3%95"></a>热更新 IK 分词使用方法</h4>
<p>目前该插件支持热更新 IK 分词，通过上文在 IK 配置文件中提到的如下配置</p>
<div class="highlight highlight-text-xml" style="text-align: left;">
<pre> 	<span class="pl-c"><span class="pl-c">&lt;!--用户可以在这里配置远程扩展字典 <span class="pl-c">--&gt;
	&lt;<span class="pl-ent">entry <span class="pl-e">key=<span class="pl-s"><span class="pl-pds">"remote_ext_dict<span class="pl-pds">"&gt;location&lt;/<span class="pl-ent">entry&gt;
 	<span class="pl-c"><span class="pl-c">&lt;!--用户可以在这里配置远程扩展停止词字典<span class="pl-c">--&gt;
	&lt;<span class="pl-ent">entry <span class="pl-e">key=<span class="pl-s"><span class="pl-pds">"remote_ext_stopwords<span class="pl-pds">"&gt;location&lt;/<span class="pl-ent">entry&gt;</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></pre>
</div>
<p>其中&nbsp;<code>location</code>&nbsp;是指一个 url，比如&nbsp;<code>http://yoursite.com/getCustomDict</code>，该请求只需满足以下两点即可完成分词热更新。</p>
<ol>
<li>
<p>该 http 请求需要返回两个头部(header)，一个是&nbsp;<code>Last-Modified</code>，一个是&nbsp;<code>ETag</code>，这两者都是字符串类型，只要有一个发生变化，该插件就会去抓取新的分词进而更新词库。</p>
</li>
<li>
<p>该 http 请求返回的内容格式是一行一个分词，换行符用&nbsp;<code>\n</code>&nbsp;即可。</p>
</li>
</ol>
<p>满足上面两点要求就可以实现热更新分词了，不需要重启 ES 实例。</p>
<p>可以将需自动更新的热词放在一个 UTF-8 编码的 .txt 文件里，放在 nginx 或其他简易 http server 下，当 .txt 文件修改时，http server 会在客户端请求该文件时自动返回相应的 Last-Modified 和 ETag。可以另外做一个工具来从业务系统提取相关词汇，并更新这个 .txt 文件。</p>
<h3>4&nbsp; marvel插件</h3>
<p>Marvel<span lang="zh-cn" xml:lang="zh-cn">能够让你通过<span lang="en-us" xml:lang="en-us">Kibana<span lang="zh-cn" xml:lang="zh-cn">非常容易的监视<span lang="en-us" xml:lang="en-us">ES<span lang="zh-cn" xml:lang="zh-cn">。你能实时的观察集群（<span lang="en-us" xml:lang="en-us">your cluster<span lang="zh-cn" xml:lang="zh-cn">）的健康和表现也能分析过去的集群、索引和节点指标。</span></span></span></span></span></span></span></p>
<p><span lang="en-us" xml:lang="en-us">Marvel<span lang="zh-cn" xml:lang="zh-cn">由两部分组成：<span lang="en-us" xml:lang="en-us">Marvel<span lang="zh-cn" xml:lang="zh-cn">代理：在你的集群中安装在每一个节点上；<span lang="en-us" xml:lang="en-us">Marvel<span lang="zh-cn" xml:lang="zh-cn">应用：安装在<span lang="en-us" xml:lang="en-us">Kibana<span lang="zh-cn" xml:lang="zh-cn">。</span></span></span></span></span></span></span></span></p>
<p>&nbsp;</p>
<h2>三&nbsp; filebeat安装</h2>
<p>官方文档：<a href="https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html" target="_blank">https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html</a></p>
<h3><span><span>Filebeat入门</span></span></h3>
<ul class="itemizedlist" type="disc">
<li class="listitem"><a class="xref" title="第1步：安装Filebeat" href="https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation.html">第1步：安装Filebeat</a></li>
<li class="listitem"><a class="xref" title="第2步：配置Filebeat" href="https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-configuration.html">第2步：配置Filebeat</a></li>
<li class="listitem"><a class="xref" title="步骤3：配置Filebeat以使用Logstash" href="https://www.elastic.co/guide/en/beats/filebeat/current/config-filebeat-logstash.html">步骤3：配置Filebeat以使用Logstash</a></li>
<li class="listitem"><a class="xref" title="第4步：在Elasticsearch中加载索引模板" href="https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-template.html">第4步：在Elasticsearch中加载索引模板</a></li>
<li class="listitem"><a class="xref" title="第5步：设置Kibana仪表板" href="https://www.elastic.co/guide/en/beats/filebeat/current/load-kibana-dashboards.html">第5步：设置Kibana仪表板</a></li>
<li class="listitem"><a class="xref" title="第6步：启动Filebeat" href="https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-starting.html">第6步：启动Filebeat</a></li>
<li class="listitem"><a class="xref" title="第7步：查看示例Kibana仪表板" href="https://www.elastic.co/guide/en/beats/filebeat/current/view-kibana-dashboards.html">第7步：查看示例Kibana仪表板</a></li>
</ul>
<h3>3.1 下载安装</h3>
<div class="cnblogs_code">
<pre>[admin@node21 elk]$ curl -L -O https:<span style="color: #008000;">//</span><span style="color: #008000;">artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.2.4-x86_64.rpm</span>
[admin@node21 elk]$ sudo rpm -vi filebeat-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>-x86_64.rpm</pre>
</div>
<h3>3.2&nbsp;编辑filebeat.yml</h3>
<p>rpm安装的filebeat，<span><span>配置文件在</span></span><code class="literal">/etc/filebeat/filebeat.yml，这里做默认日志的测试，简单的修改如下</code></p>
<div class="cnblogs_code">
<pre><span style="color: #000000;">filebeat.prospectors:
</span>-<span style="color: #000000;"> type: log
  enabled: </span><span style="color: #ff0000;">true</span><span style="color: #000000;">
  paths:
    </span>- /<span style="color: #0000ff;">var</span>/log<span style="color: #008000;">/*</span><span style="color: #008000;">.log</span></pre>
</div>
<h3>3.3&nbsp;<span><span>运行启动守护进程&nbsp;</span></span></h3>
<div class="cnblogs_code">
<pre>sudo ./filebeat -e -c filebeat.yml</pre>
</div>
<h2>四&nbsp; logstash安装</h2>
<h3 class="title"><span>Logstash参考</span></h3>
<ul class="toc">
<li id="book_title"><span>Logstash参考：&nbsp;</span><select>
<option value="master">主</option>
<option value="6.x">6.x的</option>
<option value="6.3">6.3</option>
<option selected="selected" value="6.2">6.2（​​当前）</option>
<option value="6.1">6.1</option>
<option value="6.0">6</option>
<option value="5.6">5.6</option>
<option value="5.5">5.5</option>
<option value="5.4">5.4</option>
<option value="5.3">5.3</option>
<option value="5.2">5.2</option>
<option value="5.1">5.1</option>
<option value="5.0">5</option>
<option value="2.4">2.4</option>
<option value="2.3">2.3</option>
<option value="2.2">2.2</option>
<option value="2.1">2.1</option>
<option value="2.0">2.0</option>
<option value="1.5">1.5</option>
</select></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/introduction.html">Logstash介绍</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/getting-started-with-logstash.html">Logstash入门</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/pipeline.html">Logstash如何工作</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/setup-logstash.html">设置并运行Logstash</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/setup-xpack.html">设置X-Pack</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/breaking-changes.html">打破变化</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/breaking-changes-xls.html">X-Pack突破性改变</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/upgrading-logstash.html">升级Logstash</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/configuration.html">配置Logstash</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/config-management.html">管理Logstash</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/logstash-modules.html">使用Logstash模块</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/filebeat-modules.html">使用Filebeat模块</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/resiliency.html">数据弹性</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/transformation.html">转换数据</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/deploying-and-scaling.html">部署和扩展Logstash</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/performance-tuning.html">性能调整</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/monitoring-logstash.html">监视Logstash</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/monitoring.html">监视API</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/working-with-plugins.html">使用插件</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/input-plugins.html">输入插件</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/output-plugins.html">输出插件</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/filter-plugins.html">过滤插件</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/codec-plugins.html">编解码器插件</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/contributing-to-logstash.html">为Logstash做出贡献</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/glossary.html">专业术语</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/releasenotes.html">发行说明</a></span></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/logstash/current/release-notes-xls.html">X-Pack发行说明</a></span></li>
</ul>
<h3>4.1 下载解压缩</h3>
<div class="cnblogs_code">
<pre>[admin@node21 elk]$ wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.4.tar.gz
[admin@node21 elk]$ tar zxvf logstash-6.2.4.tar.gz </pre>
</div>
<h3>4.2 创建配置文件</h3>
<p>一个Logstash的pipeline由3部分组成：input, filter, output。</p>
<div class="cnblogs_code">
<pre><span>[admin@node21 datas]$ pwd
/opt/<span>datas
[admin@node21 datas]$ vi logstash-simple.conf</span></span></pre>
</div>
<p>logstash-simple.conf内容如下</p>
<div class="cnblogs_code">
<pre><span>input { stdin { } }
output {
  elasticsearch { hosts =&gt; ["192.168.100.21:9200"<span>] }
  stdout { codec =&gt;<span> rubydebug }
}</span></span></span></pre>
</div>
<h3>4.3 运行logstash</h3>
<div class="cnblogs_code">
<pre><span>[admin@node21 bin]$ pwd
/opt/module/elk/logstash-6.2.4/<span>bin
[admin@node21 bin]$ ./logstash -f /opt/datas/logstash-simple.conf</span></span></pre>
</div>
<p>这个pipeline例子从标准输入获取数据&nbsp;<code>stdin</code>，并把结构化数据输出到标准输出<code>stdout</code>。在启动后，看到日志<code>Pipeline main started</code>后，在终端中输入<code>hello world</code>，可以在终端中看到对应输出：</p>
<div class="cnblogs_code"><img id="code_img_closed_837a6bae-97ed-4353-ac49-dd73d98b2a8f" class="code_img_closed" src="https://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif" alt="" /><span class="cnblogs_code_collapse">View Code</span></div>
<p>在企业架构中，一般Logstash的input是beat，output是ES，需要对应的插件。</p>
<p>安装beat input插件：</p>
<p class="hljs sql"><code class="sql">构建离线插件包：&nbsp;</code>bin/logstash-plugin prepare-offline-pack logstash-input-beats</p>
<p class="hljs sql"><code class="sql"><span class="hljs-keyword"><span class="hljs-keyword"><span class="hljs-keyword">安装离线插件包：&nbsp;</span></span></span></code>bin/logstash-plugin install file:///path/to/logstash-offline-plugins-6.2.4.zip</p>
<div class="cnblogs_code">
<pre>[admin@node21 bin]$ ./logstash-plugin prepare-offline-pack logstash-input-<span style="color: #000000;">beats
Offline package created at: </span>/opt/module/elk/logstash-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>/logstash-offline-plugins-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span><span style="color: #000000;">.zip
You can install it with </span><span style="color: #0000ff;">this</span> command `bin/logstash-plugin install file:<span style="color: #808080;">///</span><span style="color: #008000;">opt/module/elk/logstash-6.2.4/logstash-offline-plugins-6.2.4.zip`</span>
[admin@node21 bin]$ ./logstash-plugin install file:<span style="color: #808080;">///</span><span style="color: #008000;">opt/module/elk/logstash-6.2.4/logstash-offline-plugins-6.2.4.zip</span></pre>
</div>
<p>配置 5044 端口作为 Filebeat 的连接和创建 ES 索引。新建&nbsp;<code>logstash.conf</code> 配置文件，</p>
<div class="cnblogs_code">
<pre><span style="color: #000000;">input {
  beats {
    port </span>=&gt; <span style="color: #800080;">5044</span><span style="color: #000000;">
  }
}

output {
  elasticsearch {
    hosts </span>=&gt; <span style="color: #800000;">"</span><span style="color: #800000;">192.168.100.21:9200</span><span style="color: #800000;">"</span><span style="color: #000000;">
    manage_template </span>=&gt; <span style="color: #0000ff;">false</span><span style="color: #000000;">
    index </span>=&gt; <span style="color: #800000;">"</span><span style="color: #800000;">%{[@metadata][beat]}-%{+YYYY.MM.dd}</span><span style="color: #800000;">"</span><span style="color: #000000;">
    document_type </span>=&gt; <span style="color: #800000;">"</span><span style="color: #800000;">%{[@metadata][type]}</span><span style="color: #800000;">"</span><span style="color: #000000;">
  }
}</span></pre>
</div>
<p>Logstash 使用该配置使用 ES 的索引，和 Filebeat 做的事情是一样的，不过拥有了额外的缓存以及强大丰富的插件库。</p>
<p>启动 logstash ：</p>
<div class="cnblogs_code">
<pre>./bin/logstash -f config/logstash.conf &amp;</pre>
</div>
<h2>五&nbsp; kibana安装</h2>
<div class="titlepage">
<div>
<div>
<h3 class="title"><span>Kibana用户指南</span></h3>
</div>
</div>
</div>
<div class="toc">
<ul class="toc">
<li id="book_title"><span>Kibana参考：&nbsp;</span><select>
<option value="master">主</option>
<option value="6.x">6.x的</option>
<option value="6.3">6.3</option>
<option selected="selected" value="6.2">6.2（​​当前）</option>
<option value="6.1">6.1</option>
<option value="6.0">6</option>
<option value="5.6">5.6</option>
<option value="5.5">5.5</option>
<option value="5.4">5.4</option>
<option value="5.3">5.3</option>
<option value="5.2">5.2</option>
<option value="5.1">5.1</option>
<option value="5.0">5</option>
<option value="4.6">4.6</option>
<option value="4.5">4.5</option>
<option value="4.4">4.4</option>
<option value="4.3">4.3</option>
<option value="4.2">4.2</option>
<option value="4.1">4.1</option>
<option value="4.0">4</option>
<option value="3.0">3.0</option>
</select></li>
<li><span class="chapter"><a href="https://www.elastic.co/guide/en/kibana/current/introduction.html">介绍</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/setup.html">设置Kibana</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/setup-xpack-kb.html">设置X-Pack</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/breaking-changes.html">打破变化</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/breaking-changes-xkb.html">X-Pack突破性改变</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/getting-started.html">入门</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/discover.html">发现</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/visualize.html">想象</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/dashboard.html">仪表板</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/timelion.html">天联</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/xpack-ml.html">机器学习</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/xpack-apm.html">APM</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/xpack-graph.html">图形</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/devtools-kibana.html">开发工具</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/xpack-monitoring.html">监控</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/management.html">管理</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/xpack-reporting.html">来自Kibana的报道</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/kibana-plugins.html">Kibana插件</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/development.html"><span>贡献Kibana</span></a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/limitations.html">限制</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/release-notes.html">Kibana发行说明</a></span></li>
<li><span class="part"><a href="https://www.elastic.co/guide/en/kibana/current/release-notes-xkb.html">X-Pack发行说明</a></span></li>
</ul>
</div>
<p>Kibana是一个开源的分析和可视化平台，旨在与 Elasticsearch 合作。Kibana 提供搜索、查看和与存储在 Elasticsearch 索引中的数据进行交互的功能。开发者或运维人员可以轻松地执行高级数据分析，并在各种图表、表格和地图中可视化数据</p>
<h3>5.1 下载解压缩</h3>
<div class="cnblogs_code">
<pre>[admin@node21 elk]$ wget https:<span style="color: #008000;">//</span><span style="color: #008000;">artifacts.elastic.co/downloads/kibana/kibana-6.2.4-linux-x86_64.tar.gz<br />[admin@node21 elk]$ tar -xzf kibana-6.2.4-linux-x86_64.tar.gz</span></pre>
</div>
<h3>5.2 修改config/kibana.yml</h3>
<div class="cnblogs_code">
<pre>[admin@node21 elk]$ vi kibana-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>-linux-x86_64/config/<span style="color: #000000;">kibana.yml 
#server.host: </span><span style="color: #800000;">"</span><span style="color: #800000;">localhost</span><span style="color: #800000;">"</span><span style="color: #000000;">
server.host: </span><span style="color: #800000;">"</span><span style="color: #800000;">192.168.100.21</span><span style="color: #800000;">"</span><span style="color: #000000;">   #设置自己机器的IP
#elasticsearch.url: </span><span style="color: #800000;">"</span><span style="color: #800000;">http://localhost:9200</span><span style="color: #800000;">"</span><span style="color: #000000;">
elasticsearch.url: </span><span style="color: #800000;">"</span><span style="color: #800000;">http://192.168.100.21:9200</span><span style="color: #800000;">"</span></pre>
</div>
<h3>5.3 启动Kibana</h3>
<p>进入kibana/bin/目录</p>
<div class="cnblogs_code">
<pre>[admin@node21 bin]$ ./<span style="color: #000000;">kibana &amp;<br /></span></pre>
</div>
<p>页面访问：<a href="http://192.168.100.21:5601" target="_blank">192.168.100.21:5601</a></p>
<p><img src="https://images2018.cnblogs.com/blog/1385722/201806/1385722-20180608001120512-520769825.png" alt="" /></p>
<h2>六&nbsp; 安装故障问题</h2>
<h3>1&nbsp;bootstrap&nbsp; checks&nbsp; failed</h3>
<div class="cnblogs_code">
<pre>ERROR:<span style="color: #000000;"> bootstrap checks failed
</span><span style="color: #000000;">max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]<br />max number of threads [3812] for user [admin] is too low, increase to at least [4096]</span></pre>
</div>
<p>解决办法：</p>
<p>1）针对&nbsp;<span style="color: #ff0000;">max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]</span></p>
<p>切换root用户，修改/etc/security/limits.conf文件，配置系统搜索最大文件数，添加如下两行，此文件修改后需要重新登录用户，才会生效，验证是否设置成功&nbsp;&nbsp;<span style="color: #ff0000;">&nbsp;ulimit -Hn</span></p>
<div class="cnblogs_code">
<pre>*  hard  nofile  <span style="color: #800080;">65536</span>
*  soft  nofile  <span style="color: #800080;">65536</span></pre>
</div>
<p>2）针对&nbsp;&nbsp;<span style="color: #ff0000;">max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]</span></p>
<p>切换root用户，修改/etc/sysctl.conf 文件，添加如下信息，设置后保存退出，执行右边命令&nbsp; <span style="color: #ff0000;">sysctl -p</span></p>
<div class="cnblogs_code">
<pre>vm.max_map_count=262144<span style="color: #800080;"><br /></span></pre>
</div>
<p>3）针对&nbsp;<span style="color: #ff0000;">max number of threads [3812] for user [admin] is too low, increase to at least [4096]</span></p>
<p>修改 vi /etc/security/limits.d/20-nproc.conf，修改用户最大线程数，</p>
<div class="cnblogs_code">
<pre>*      soft   nproc   <span style="color: #800080;">4096</span><span style="color: #000000;">
root   soft   nproc   unlimited</span></pre>
</div>
<p>同时修改/etc/security/limits.conf，添加如下两行，修改完了验证&nbsp;<span style="color: #ff0000;">ulimit -u</span></p>
<div class="cnblogs_code">
<pre>*    soft   nproc    <span style="color: #800080;">4096</span>
*    hard   nproc    <span style="color: #800080;">4096</span></pre>
</div>
<h3>2&nbsp; head头安装警告问题</h3>
<div class="cnblogs_code">
<pre>npm <span style="color: #ff0000;">WARN elasticsearch-head@0.0.0</span><span style="color: #000000;"><span style="color: #ff0000;"> license should be a valid SPDX license expression</span>
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@</span><span style="color: #800080;">1.2</span>.<span style="color: #800080;">4</span> (node_modules/<span style="color: #000000;">fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform </span><span style="color: #0000ff;">for</span> fsevents@<span style="color: #800080;">1.2</span>.<span style="color: #800080;">4</span>: wanted {<span style="color: #800000;">"</span><span style="color: #800000;">os</span><span style="color: #800000;">"</span>:<span style="color: #800000;">"</span><span style="color: #800000;">darwin</span><span style="color: #800000;">"</span>,<span style="color: #800000;">"</span><span style="color: #800000;">arch</span><span style="color: #800000;">"</span>:<span style="color: #800000;">"</span><span style="color: #800000;">any</span><span style="color: #800000;">"</span>} (current: {<span style="color: #800000;">"</span><span style="color: #800000;">os</span><span style="color: #800000;">"</span>:<span style="color: #800000;">"</span><span style="color: #800000;">linux</span><span style="color: #800000;">"</span>,<span style="color: #800000;">"</span><span style="color: #800000;">arch</span><span style="color: #800000;">"</span>:<span style="color: #800000;">"</span><span style="color: #800000;">x64</span><span style="color: #800000;">"</span><span style="color: #000000;">})
npm ERR</span>!<span style="color: #000000;"> code ELIFECYCLE
npm ERR</span>! errno <span style="color: #800080;">1</span><span style="color: #000000;">
npm ERR</span>! phantomjs-prebuilt@<span style="color: #800080;">2.1</span>.<span style="color: #800080;">16</span><span style="color: #000000;"> install: `node install.js`
npm ERR</span>! Exit status <span style="color: #800080;">1</span><span style="color: #000000;">
npm ERR</span>!<span style="color: #000000;"> 
npm ERR</span>! Failed at the phantomjs-prebuilt@<span style="color: #800080;">2.1</span>.<span style="color: #800080;">16</span><span style="color: #000000;"> install script.
npm ERR</span>! This <span style="color: #0000ff;">is</span> probably not a problem with npm. There <span style="color: #0000ff;">is</span><span style="color: #000000;"> likely additional logging output above.
npm ERR</span>! A complete log of <span style="color: #0000ff;">this</span> run can be found <span style="color: #0000ff;">in</span><span style="color: #000000;">:
npm ERR</span>!     /home/admin/.npm/_logs/<span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-06T11_41_22_784Z-debug.log</pre>
</div>
<p>第一个警告：解决方式：打开elasticsearch-head目录下的package.json文件，找到license位置，修改为上面这个网站上存在Identifier,我的修改如下，将Apache内容修改为Apache-2.0。</p>
<div class="cnblogs_code">
<pre><span style="color: #000000;">{
  </span><span style="color: #800000;">"</span><span style="color: #800000;">name</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">elasticsearch-head</span><span style="color: #800000;">"</span><span style="color: #000000;">,
  </span><span style="color: #800000;">"</span><span style="color: #800000;">version</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">0.0.0</span><span style="color: #800000;">"</span><span style="color: #000000;">,
  </span><span style="color: #800000;">"</span><span style="color: #800000;">description</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">Front end for an elasticsearch cluster</span><span style="color: #800000;">"</span><span style="color: #000000;">,
  </span><span style="color: #800000;">"</span><span style="color: #800000;">main</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">_site/index.html</span><span style="color: #800000;">"</span><span style="color: #000000;">,
  </span><span style="color: #800000;">"</span><span style="color: #800000;">directories</span><span style="color: #800000;">"</span><span style="color: #000000;">: {
    </span><span style="color: #800000;">"</span><span style="color: #800000;">test</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">test</span><span style="color: #800000;">"</span><span style="color: #000000;">
  },
  </span><span style="color: #800000;">"</span><span style="color: #800000;">scripts</span><span style="color: #800000;">"</span><span style="color: #000000;">: {
    </span><span style="color: #800000;">"</span><span style="color: #800000;">start</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">grunt server</span><span style="color: #800000;">"</span><span style="color: #000000;">,
    </span><span style="color: #800000;">"</span><span style="color: #800000;">test</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">grunt jasmine</span><span style="color: #800000;">"</span><span style="color: #000000;">,
    </span><span style="color: #800000;">"</span><span style="color: #800000;">proxy</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">node proxy/index.js</span><span style="color: #800000;">"</span><span style="color: #000000;">
  },
  </span><span style="color: #800000;">"</span><span style="color: #800000;">repository</span><span style="color: #800000;">"</span><span style="color: #000000;">: {
    </span><span style="color: #800000;">"</span><span style="color: #800000;">type</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">git</span><span style="color: #800000;">"</span><span style="color: #000000;">,
    </span><span style="color: #800000;">"</span><span style="color: #800000;">url</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">https://github.com/mobz/elasticsearch-head.git</span><span style="color: #800000;">"</span><span style="color: #000000;">
  },
  </span><span style="color: #800000;">"</span><span style="color: #800000;">author</span><span style="color: #800000;">"</span>: <span style="color: #800000;">""</span><span style="color: #000000;">,
  </span><span style="color: #800000;">"</span><span style="color: #800000;">license</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #ff0000;">Apache-2.0</span><span style="color: #800000;">"</span><span style="color: #000000;">,
  </span><span style="color: #800000;">"</span><span style="color: #800000;">gitHead</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">0c2ac0b5723b493e4454baa7398f386ecb829412</span><span style="color: #800000;">"</span><span style="color: #000000;">,
  </span><span style="color: #800000;">"</span><span style="color: #800000;">readmeFilename</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">README.textile</span><span style="color: #800000;">"</span><span style="color: #000000;">,
  </span><span style="color: #800000;">"</span><span style="color: #800000;">devDependencies</span><span style="color: #800000;">"</span><span style="color: #000000;">: {
    </span><span style="color: #800000;">"</span><span style="color: #800000;">grunt</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">1.0.1</span><span style="color: #800000;">"</span><span style="color: #000000;">,
    </span><span style="color: #800000;">"</span><span style="color: #800000;">grunt-contrib-concat</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">1.0.1</span><span style="color: #800000;">"</span><span style="color: #000000;">,
    </span><span style="color: #800000;">"</span><span style="color: #800000;">grunt-contrib-watch</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">1.0.0</span><span style="color: #800000;">"</span><span style="color: #000000;">,
    </span><span style="color: #800000;">"</span><span style="color: #800000;">grunt-contrib-connect</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">1.0.2</span><span style="color: #800000;">"</span><span style="color: #000000;">,
    </span><span style="color: #800000;">"</span><span style="color: #800000;">grunt-contrib-copy</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">1.0.0</span><span style="color: #800000;">"</span><span style="color: #000000;">,
    </span><span style="color: #800000;">"</span><span style="color: #800000;">grunt-contrib-clean</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">1.0.0</span><span style="color: #800000;">"</span><span style="color: #000000;">,
    </span><span style="color: #800000;">"</span><span style="color: #800000;">grunt-contrib-jasmine</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">1.0.3</span><span style="color: #800000;">"</span><span style="color: #000000;">,
    </span><span style="color: #800000;">"</span><span style="color: #800000;">karma</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">1.3.0</span><span style="color: #800000;">"</span><span style="color: #000000;">,
    </span><span style="color: #800000;">"</span><span style="color: #800000;">grunt-karma</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">2.0.0</span><span style="color: #800000;">"</span><span style="color: #000000;">,
    </span><span style="color: #800000;">"</span><span style="color: #800000;">http-proxy</span><span style="color: #800000;">"</span>: <span style="color: #800000;">"</span><span style="color: #800000;">1.16.x</span><span style="color: #800000;">"</span><span style="color: #000000;">
  }</span></pre>
</div>
<p>然后重新执行npm install ，该提示已消除。</p>
<h3>3&nbsp;head安装后启动问题</h3>
<div class="cnblogs_code">
<pre>[<span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-06T08:<span style="color: #800080;">24</span>:<span style="color: #800080;">28</span>,<span style="color: #800080;">869</span>][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [node21] uncaught exception <span style="color: #0000ff;">in</span><span style="color: #000000;"> thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalArgumentException: property [elasticsearch.version] </span><span style="color: #0000ff;">is</span> missing <span style="color: #0000ff;">for</span><span style="color: #000000;"> plugin [head]
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:</span><span style="color: #800080;">125</span>) ~[elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>.jar:<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span><span style="color: #000000;">]
    at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:</span><span style="color: #800080;">112</span>) ~[elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>.jar:<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span><span style="color: #000000;">]
    at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:</span><span style="color: #800080;">86</span>) ~[elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>.jar:<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span><span style="color: #000000;">]
    at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:</span><span style="color: #800080;">124</span>) ~[elasticsearch-cli-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>.jar:<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span><span style="color: #000000;">]
    at org.elasticsearch.cli.Command.main(Command.java:</span><span style="color: #800080;">90</span>) ~[elasticsearch-cli-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>.jar:<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span><span style="color: #000000;">]
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:</span><span style="color: #800080;">92</span>) ~[elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>.jar:<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span><span style="color: #000000;">]
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:</span><span style="color: #800080;">85</span>) ~[elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>.jar:<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span><span style="color: #000000;">]
Caused by: java.lang.IllegalArgumentException: property [elasticsearch.version] </span><span style="color: #0000ff;">is</span> missing <span style="color: #0000ff;">for</span><span style="color: #000000;"> plugin [head]
    at org.elasticsearch.plugins.PluginInfo.readFromProperties(PluginInfo.java:</span><span style="color: #800080;">226</span>) ~[elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>.jar:<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span><span style="color: #000000;">]
    at org.elasticsearch.plugins.PluginInfo.readFromProperties(PluginInfo.java:</span><span style="color: #800080;">184</span>) ~[elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>.jar:<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span><span style="color: #000000;">]
    at org.elasticsearch.bootstrap.Spawner.spawnNativePluginControllers(Spawner.java:</span><span style="color: #800080;">75</span>) ~[elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>.jar:<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span><span style="color: #000000;">]
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:</span><span style="color: #800080;">167</span>) ~[elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>.jar:<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span><span style="color: #000000;">]
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:</span><span style="color: #800080;">323</span>) ~[elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>.jar:<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span><span style="color: #000000;">]
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:</span><span style="color: #800080;">121</span>) ~[elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>.jar:<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span><span style="color: #000000;">]
    ... </span><span style="color: #800080;">6</span> more</pre>
</div>
<p>解决分析：elasticsearch-head自5.1之后不支持直接放在elasticsearch的 plugins、modules 目录下，也不能使用 elasticsearch-plugin install。</p>
<p>安装 elasticsearch-head</p>
<ol>
<li>
<p>修改 <code>elasticsearch/config/elasticsearch.yml，添加如下内容</code></p>
</li>
</ol>
<div class="cnblogs_code">
<pre>http.cors.enabled: <span style="color: #0000ff;">true</span><span style="color: #000000;">
http.cors.allow</span>-origin: <span style="color: #800000;">"</span><span style="color: #800000;">*</span><span style="color: #800000;">"</span></pre>
</div>
<ul>
<li>
<p>下载 elasticsearch-head 或者 git clone 到随便一个文件夹</p>
</li>
<li>
<p>安装<code>nodejs</code></p>
</li>
<li>
<p><code>cd /path/to/elasticsearch-head</code></p>
</li>
<li>
<p><code>npm install -g grunt-cli</code></p>
</li>
<li>
<p><code>npm install</code></p>
</li>
<li>
<p><code>grunt server</code></p>
</li>
<li>
<p><code>http://localhost:9100/</code></p>
</li>
</ul>
<h3>4&nbsp; 设置锁内存故障</h3>
<p>1）elasticsearch官网建议生产环境需要设置bootstrap.memory_lock: true，导致Elasticsearch启动失败问题</p>
<div class="cnblogs_code">
<pre>[admin@node21 bin]$ ./<span style="color: #000000;">elasticsearch
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">12</span>,<span style="color: #800080;">370</span>][WARN ][o.e.b.JNANatives         ] Unable to <span style="color: #0000ff;">lock</span> JVM Memory: error=<span style="color: #800080;">12</span>, reason=<span style="color: #000000;">Cannot allocate memory
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">12</span>,<span style="color: #800080;">374</span>][WARN ][o.e.b.JNANatives         ] This can result <span style="color: #0000ff;">in</span> part of the JVM being swapped <span style="color: #0000ff;">out</span><span style="color: #000000;">.
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">12</span>,<span style="color: #800080;">374</span>][WARN ][o.e.b.JNANatives         ] Increase RLIMIT_MEMLOCK, soft limit: <span style="color: #800080;">65536</span>, hard limit: <span style="color: #800080;">65536</span><span style="color: #000000;">
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">12</span>,<span style="color: #800080;">374</span>][WARN ][o.e.b.JNANatives         ] <span style="color: #ff0000;">These can be adjusted by modifying /etc/security/limits.conf, for example: 
    # allow user 'admin'</span><span style="color: #000000;"><span style="color: #ff0000;"> mlockall
    admin soft memlock unlimited
    admin hard memlock unlimited</span>
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">12</span>,<span style="color: #800080;">375</span>][WARN ][o.e.b.JNANatives         ] If you are logged <span style="color: #0000ff;">in</span> interactively, you will have to re-login <span style="color: #0000ff;">for</span> the <span style="color: #0000ff;">new</span><span style="color: #000000;"> limits to take effect.
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">12</span>,<span style="color: #800080;">875</span><span style="color: #000000;">][INFO ][o.e.n.Node               ] [node21] initializing ...
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">13</span>,<span style="color: #800080;">033</span>][INFO ][o.e.e.NodeEnvironment    ] [node21] <span style="color: #0000ff;">using</span> [<span style="color: #800080;">1</span>] data paths, mounts [[/ (rootfs)]], net usable_space [<span style="color: #800080;">90</span>.7gb], net total_space [<span style="color: #800080;">97</span><span style="color: #000000;">.6gb], 
types [rootfs][</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">13</span>,<span style="color: #800080;">034</span>][INFO ][o.e.e.NodeEnvironment    ] [node21] heap size [<span style="color: #800080;">1015</span>.6mb], compressed ordinary <span style="color: #0000ff;">object</span> pointers [<span style="color: #0000ff;">true</span><span style="color: #000000;">]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">13</span>,<span style="color: #800080;">036</span><span style="color: #000000;">][INFO ][o.e.n.Node               ] [node21] node name [node21], node ID [sM6bNfHmT7CknreP2b9RHw]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">13</span>,<span style="color: #800080;">037</span>][INFO ][o.e.n.Node               ] [node21] version[<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>], pid[<span style="color: #800080;">2164</span>], build[ccec39f/<span style="color: #800080;">2018</span>-<span style="color: #800080;">04</span>-12T20:<span style="color: #800080;">37</span>:<span style="color: #800080;">28</span>.497551Z], OS[Linux/<span style="color: #800080;">3.10</span>.<span style="color: #800080;">0</span>-<span style="color: #800080;">862</span><span style="color: #000000;">.el7.x86
_64</span>/amd64], JVM[Oracle Corporation/Java HotSpot(TM) <span style="color: #800080;">64</span>-Bit Server VM/<span style="color: #800080;">1.8</span>.0_171/<span style="color: #800080;">25.171</span>-b11][<span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">13</span>,<span style="color: #800080;">037</span>][INFO ][o.e.n.Node               ] [node21] JVM arguments [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=<span style="color: #800080;">75</span>, -<span style="color: #000000;">XX
:</span>+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=<span style="color: #0000ff;">true</span>, -Dfile.encoding=UTF-<span style="color: #800080;">8</span>, -Djna.nosys=<span style="color: #0000ff;">true</span>, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=<span style="color: #0000ff;">true</span>, -Dio.netty.noKeySetOptimization=<span style="color: #0000ff;">true</span>, -Dio.netty.recycler.maxCapacityPerThread=<span style="color: #800080;">0</span>, -Dlog4j.shutdownHookEnabled=<span style="color: #0000ff;">false</span>, -Dlog4j2.disable.jmx=<span style="color: #0000ff;">true</span>, -Djava.io.tmpdir=/tmp/elasticsearch.OUkgncgb, -XX:+HeapDumpOnOutOfMemoryError, -XX:+PrintGCDetails, -XX:+PrintGCDateStamps, -XX:+PrintTenuringDistribution, -XX:+PrintGCApplicationStoppedTime, -Xloggc:logs/gc.log, -XX:+UseGCLogFileRotation, -XX:NumberOfGCLogFiles=<span style="color: #800080;">32</span>, -XX:GCLogFileSize=64m, -Des.path.home=/opt/module/elk/elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>, -Des.path.conf=/opt/module/elk/elasticsearch-<span style="color: #800080;">6.2</span>.<span style="color: #800080;">4</span>/config][<span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">15</span>,<span style="color: #800080;">004</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [aggs-matrix-<span style="color: #000000;">stats]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">15</span>,<span style="color: #800080;">004</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [analysis-<span style="color: #000000;">common]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">15</span>,<span style="color: #800080;">004</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [ingest-<span style="color: #000000;">common]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">15</span>,<span style="color: #800080;">005</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [lang-<span style="color: #000000;">expression]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">15</span>,<span style="color: #800080;">005</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [lang-<span style="color: #000000;">mustache]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">15</span>,<span style="color: #800080;">005</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [lang-<span style="color: #000000;">painless]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">15</span>,<span style="color: #800080;">005</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [mapper-<span style="color: #000000;">extras]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">15</span>,<span style="color: #800080;">005</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [parent-<span style="color: #000000;">join]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">15</span>,<span style="color: #800080;">005</span><span style="color: #000000;">][INFO ][o.e.p.PluginsService     ] [node21] loaded module [percolator]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">15</span>,<span style="color: #800080;">005</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [rank-<span style="color: #000000;">eval]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">15</span>,<span style="color: #800080;">006</span><span style="color: #000000;">][INFO ][o.e.p.PluginsService     ] [node21] loaded module [reindex]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">15</span>,<span style="color: #800080;">006</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [repository-<span style="color: #000000;">url]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">15</span>,<span style="color: #800080;">006</span>][INFO ][o.e.p.PluginsService     ] [node21] loaded module [transport-<span style="color: #000000;">netty4]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">15</span>,<span style="color: #800080;">006</span><span style="color: #000000;">][INFO ][o.e.p.PluginsService     ] [node21] loaded module [tribe]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">15</span>,<span style="color: #800080;">007</span><span style="color: #000000;">][INFO ][o.e.p.PluginsService     ] [node21] no plugins loaded
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">22</span>,<span style="color: #800080;">618</span>][INFO ][o.e.d.DiscoveryModule    ] [node21] <span style="color: #0000ff;">using</span><span style="color: #000000;"> discovery type [zen]
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">24</span>,<span style="color: #800080;">023</span><span style="color: #000000;">][INFO ][o.e.n.Node               ] [node21] initialized
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">24</span>,<span style="color: #800080;">024</span><span style="color: #000000;">][INFO ][o.e.n.Node               ] [node21] starting ...
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">24</span>,<span style="color: #800080;">561</span>][INFO ][o.e.t.TransportService   ] [node21] publish_address {<span style="color: #800080;">192.168</span>.<span style="color: #800080;">100.21</span>:<span style="color: #800080;">9300</span>}, bound_addresses {<span style="color: #800080;">192.168</span>.<span style="color: #800080;">100.21</span>:<span style="color: #800080;">9300</span><span style="color: #000000;">}
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">24</span>,<span style="color: #800080;">609</span>][INFO ][o.e.b.BootstrapChecks    ] [node21] bound or publishing to a non-<span style="color: #000000;">loopback address, enforcing bootstrap checks
ERROR: [</span><span style="color: #800080;">1</span><span style="color: #000000;">] bootstrap checks failed
[</span><span style="color: #800080;">1</span>]: memory locking requested <span style="color: #0000ff;">for</span> elasticsearch process but memory <span style="color: #0000ff;">is</span><span style="color: #000000;"> not locked
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">24</span>,<span style="color: #800080;">684</span><span style="color: #000000;">][INFO ][o.e.n.Node               ] [node21] stopping ...
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">24</span>,<span style="color: #800080;">811</span><span style="color: #000000;">][INFO ][o.e.n.Node               ] [node21] stopped
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">24</span>,<span style="color: #800080;">812</span><span style="color: #000000;">][INFO ][o.e.n.Node               ] [node21] closing ...
[</span><span style="color: #800080;">2018</span>-<span style="color: #800080;">06</span>-07T23:<span style="color: #800080;">50</span>:<span style="color: #800080;">24</span>,<span style="color: #800080;">851</span>][INFO ][o.e.n.Node               ] [node21] closed</pre>
</div>
<p>修改/etc/sysctl.conf和/etc/security/limits.conf&nbsp;</p>
<div class="cnblogs_code">
<pre>vi /etc/<span style="color: #000000;">sysctl.conf
vm.swappiness</span>=<span style="color: #800080;">0</span><span style="color: #000000;">
vi </span>/etc/security/<span style="color: #000000;">limits.conf 
admin soft memlock unlimited
admin hard memlock unlimited
修改完重新登录生效</span></pre>
</div>
<p>2）改完之后有可能启动失败</p>
<div class="cnblogs_code">
<pre>[admin@node22 bin]$ ./<span style="color: #000000;">elasticsearch
Killed</span></pre>
</div>
<p>这里一般是由于内存不足导致的，需要设置es的虚拟机参数。修改es_home/bin/elasticsearch。如下所示：ES_JAVA_OPTS="-Xms1g -Xmx1g"</p>
<h3>5&nbsp; IK分词器问题</h3>
<div class="cnblogs_code">
<pre>{"error":{"root_cause":[{"type":"mapper_parsing_exception","reason":"analyzer [ik_max_word] not found for field [content]"}],"type":"mapper_parsing_exception","reason"<span>
:"analyzer <span style="color: #ff0000;">[ik_max_word] not found for field</span> [content]"},"status":400}</span></pre>
</div>
<p>解决：如果出现上述报错，可能是单节点安装了ik分词器造成的，如果集群是多节点的，需要集群中每个节点上都要安装Ik。</p>
<h3>6&nbsp; Kibana问题</h3>
<div class="cnblogs_code">
<pre>log   [<span style="color: #800080;">16</span>:<span style="color: #800080;">11</span>:<span style="color: #800080;">15.912</span>] [error][timelion] Error:  <span style="color: #0000ff;">in</span> cell #<span style="color: #800080;">1</span>: Elasticsearch index not found: _all: Error:  <span style="color: #0000ff;">in</span> cell #<span style="color: #800080;">1</span>: Elasticsearch index not found: _all</pre>
</div>
<p>&nbsp;</p></div>

</body>
</html>
